package com.isoft.uaaservice.config;


import com.isoft.uaaservice.filter.JwtAuthenticationFilter;
import com.isoft.uaaservice.handler.AccessDeniedHandlerImpl;
import com.isoft.uaaservice.handler.AuthenticationEntryPointImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SpringSecurityConfig {
    //注入自定义的密码加密处理（给密码加随机盐）
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    //AuthenticationManager用户认证
    //配置AuthenticationManager与登录接口的放行
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception{
        return configuration.getAuthenticationManager();
    }
    @Autowired
    JwtAuthenticationFilter jwtAuthenticationFilter;

    //注入访问被拒绝类
    @Autowired
    AccessDeniedHandlerImpl accessDeniedHandler;
    //注入认证失败类
    @Autowired
    AuthenticationEntryPointImpl authenticationEntryPoint;
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception{
        httpSecurity.authorizeHttpRequests(request ->{
            //放行配置
            request.requestMatchers("/sys/user/login","/sys/user/register","/sys/user/registerresttemplate","/sys/user/freezeenable","/sys/user/getnewone","/sys/user/changepassword","/email/*" ,"/sys/user/rephoto/*","/userphoto/*", "/login","/verfycode", "/*.html","/js/*").permitAll();
            //认证配置
            /*request.requestMatchers("/sys/man/*").hasAuthority("sys");
            request.requestMatchers("/sys/audit/*").hasAnyAuthority("sys","audit");
            request.requestMatchers("/sys/infor/*").hasAnyAuthority("sys","infor");
            request.requestMatchers("/sys/statistics/*").hasAnyAuthority("sys","statistics");
            request.requestMatchers("/sys/query/*").hasAnyAuthority("sys","query");*/

            request.anyRequest().authenticated();
        });
        //关闭crsf
        httpSecurity.csrf(crsf->crsf.disable());
        //不通过Session获取SecurityContext
        httpSecurity.sessionManagement(session ->session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        //配置自定义的JwtAuthenticationFilter在UsernamePasswordAuthenticationFilter之前调用
        httpSecurity.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

        //配置自定义异常处理类
        httpSecurity.exceptionHandling(expConfig ->
                expConfig.accessDeniedHandler(accessDeniedHandler).authenticationEntryPoint(authenticationEntryPoint));


        return httpSecurity.build();
    }
}
